<style>
#greenrow {
    text-align: left;
    background-color: #A8DAB5; 
    color: #5F6368
}
#redrow {
    text-align: left;
    background-color: #F6AEA9; 
    color: #5F6368
}
#yellowrow {
    text-align: left;
    background-color: #FDE293; 
    color: #5F6368
}
#rowheader {
    text-align: center;
    font-weight: bold; 
}
</style>

<table>
    <thead style="text-align:center;background-color: #E8EAED; font-size: large; color: #3C4043;" >
        <tr>
            <th></th>
            <th>BigLake/BigQuery IAM</th>
            <th>Ranger Hive Plugin</th>
          </tr>
    </thead>
    <tbody>
      <tr>
        <td id="rowheader">Users and Groups</td>
        <td id="greenrow">supported</td>
        <td id="greenrow">supported</td>
      </tr>
      <tr>
        <td id="rowheader">Permission Mapping</td>
        <td colspan="2">
            <ul>
                <li>Select -> bigquery.tables.getData, bigquery.jobs.create</li>
                <li>Update -> bigquery.tables.updateData</li>
                <li>Create -> bigquery.tables.create </li>
                <li>Drop -> bigquery.tables.delete</li> 
                <li>Alter -> bigquery.tables.update </li> 
                <li>Index, -> index is different in BigQuery, clustering and partitioning features exist.</li> 
                <li>Lock -> there is no lock</li> 
              </ul>
        </td>        
      </tr>
      <tr>
        <td id="rowheader">Authorization Granularity</td>
        <td id="greenrow" colspan="2">Dataset, Table, Column, Row</td>
      </tr>
      <tr>
        <td id="rowheader">Data Masking on Columns</td>
        <td id="greenrow"> <a href="https://cloud.google.com/bigquery/docs/column-data-masking-intro">supported</a></td>
        <td id="greenrow">supported</td>
      </tr> 
      <tr>
        <td id="rowheader">Policy Labels</td>
        <td id="greenrow">supported</td>
        <td id="greenrow">supported</td>
      </tr> 
      <tr>
        <td id="rowheader">Tag Based Access Control</td>
        <td id="greenrow">
            <ul>
                <li><a href="https://cloud.google.com/data-catalog/docs/policy-tags">Policy Tags</a> for column based access control</li>
                <li><a href="https://cloud.google.com/resource-manager/docs/tags/tags-overview"> Resource Tags</a> at BigQuery dataset level</li>
              </ul>
        </td>
        <td id="greenrow">supported</td>
      </tr> 
      <tr>
        <td id="rowheader">Allow Exceptions</td>
        <td id="redrow">not supported</td>
        <td id="greenrow">supported</td>
      </tr> 
      <tr>
        <td id="rowheader">Deny Policies</td>
        <td id="redrow">not supported. Preview for GCS. Please check the latest information.</td>
        <td id="greenrow">supported</td>
      </tr> 
      <tr>
        <td id="rowheader">Policy Priorities (Priorities of 0 or 1)</td>
        <td id="yellowrow">Not supported since IAM is additive. <br/>
            In Ranger, policy priorities are used to allow access 
            temporarily by overriding other policies. 
            We can achieve temporary access by using group memberships
            </td>
        <td id="greenrow">supported</td>
      </tr> 
      <tr>
        <td id="rowheader">Wildcard</td>
        <td id="yellowrow">Wildcard (*) are not supported in IAM. 
            For instance, we cannot create IAM rules for finance_* <br/>
            However, we can group resources in Projects, Folders etc.
            </td>
        <td id="greenrow">supported</td>
      </tr> 
      <tr>
        <td id="rowheader">Validity Period</td>
        <td id="yellowrow">Validity period is not supported since 
            BigQuery IAM does not support conditions yet (please check the latest information).<br/>
            Nevertheless, temporary access can be given by temporary group membership, which is also
            the recommended since it does not require changes in the IAM policy and hence no need to run a 
            CI/CD pipeline.
            </td>
        <td id="greenrow">supported</td>
      </tr>     
    </tbody>
  </table>
